Software tampering is a threat to software developers and consumers by raising software piracy and security concerns. Tamper-resistant software typically contains two functional components: a tamper detection component and a tamper response component. Each of these components can be created from one or more separate modules. The tamper detection component is responsible for detecting an attempt to tamper with the software. The tamper response component implements one or more actions in response to detection of an attempt to tamper with the software.
Many typical tamper-resistant systems focus on hiding the tamper-detection code (i.e., the code that verifies the program's integrity). However, these typical tamper-resistant systems place little emphasis on the tamper response component. Since hackers often look for the weakest link to defeat the tamper-resistant system, an inadequate tamper response component may be utilized by hackers.
Systems that do include a tamper response component often apply the tamper response component immediately after the tamper detection component identifies an attempt to tamper with the software. Further, many typical copy protection systems can be easily patched out by a hacker or other individual attempting to tamper with the software.
To improve the effectiveness of a tamper-resistant system, it is desirable to separate the process of tamper detection from the process of responding to the detected tampering.